JOC - JobScheduler Operations Center
  1. JOC - JobScheduler Operations Center
  2. JOC-666

Update jackson-databind version to 2.9.8 due to vulnerability issues in jackson (CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489)

    Details

    • Type: Fix Fix
    • Status: Released (View Workflow)
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.12.8
    • Fix Version/s: 1.12.9, 2.0
    • Component/s: None
    • Labels:
      None
    • CVE-ID:
      CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489

      Description

      Current Situation

      • Currently JOC Cockpit uses 3rd party library jackson-databind version 2.9.7.
      • A number of vulnerabilities affect this version, see https://www.cvedetails.com/

      Desired Behavior

      • Due to vulnerability Issues of older jackson-databind releases the JOC Cockpit should use the current version 2.9.8 that fixes the issues.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Santiago Aucejo Petzoldt
            Reporter:
            Santiago Aucejo Petzoldt
            Approver:
            Oliver Haufe
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: